Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. This is a pilot study on the methodology and complexity of digital forensics, and on how digital forensics can be applied in a live environment without the loss or spoilage of valuable data and evidence.
2. ◦ Justify why use of the digital forensic methodology and approach is warranted, including procedures for corporate investigation. (Apply with the case study)
◦ Describe the resources required to conduct a digital forensic investigation, including team member skill sets and required tools. (Apply with the case study)
◦ Outline an approach for data/evidence identification and acquisition that would occur in order to prepare the auditors for review of the digital evidence. (Apply with the case study)
◦ Outline an approach and steps to be taken during the analysis phase, making the assumption the computer system is a Microsoft Windows-based computer. (Apply with the case study)
◦ Create a table of contents for the investigative plan describing what the primary focus of the report would be. (Apply with the case study)
For more information: myassignmenthelp.com/answers/digital-forensic/digital-forensic-case-study-objectives-this-assessment-item-relates-to-the-course-leaing-outcome-1-to-9-as-stated-on-page-1-of-the-cou.html
3. The Global Finance company has 10000 employees.
It has introduced network communication and computerization in all its branches.
One of the managers raised a security concern.
A digital forensic audit was performed to look into the security issues.
The investigation was conducted on MS Word, Outlook, and other deleted files on the manager's computer.
4. ◦ The data from the target computer should not be modified but kept for reference.
◦ The audit team must have high skill and expertise.
◦ The relevant documentation and trial conducted by the audit team must be preserved.
◦ The Information Security Officer is solely responsible for the security.
5. ◦ Recognize the security systems that have lapsed
◦ Recognize all the digital evidence
◦ Recognize all the malicious activities with the 5 W's
◦ Recognize the legal procedure
◦ Analyze and find the impact on the branch
◦ Submit the final report to the head
6. ◦ Collection
◦ Examination
◦ Analysis
◦ Report
7. Collection is basically the acquisition of data.
It involves recording and labeling the data of the computers in the Queensland branches.
Two ways of collecting data:
◦ Volatile
◦ Non-volatile
Data is also collected from other sources, both offline and online.
8. The manager's computer, which is the targeted computer, can be accessed via a LAN connection.
A trusted tool collection is used through cmd.exe, and its use can be recorded.
The commands needed are:
cryptcat <ip address> 6543 -k key
cryptcat -l -p 6543 -k key >> <filename>
Windows-based tools to be used on Windows-based systems are:
◦ HBGary's FastDump to obtain the local physical memory
◦ HBGary's F-Response to obtain remote physical memory
◦ ipconfig is used for the collection of subject system details
◦ net users and quser can identify logged-in user information
◦ doskey /history for collecting command history
◦ net file is used to identify the services and drivers
Data is acquired from RAM, registry and cache memory, network, etc.
9. This kind of data is present in the permanent storage of the computing device.
Copying this type of data for the local office is known as forensic imaging.
Data is collected from storage devices like hard disk, CD, DVD, etc.
The data should be preserved without any modification or alteration.
The process of forensic imaging can be done using tools like EnCase, ProDiscover and FTK.
The team performing the audit treats the data as read-only memory (ROM).
The audit team uses a write blocker.
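The requirement that imaged data stay unmodified is normally checked with a cryptographic hash taken at acquisition and re-computed before every later use. The following is an added example, not part of the original slides or of any tool named on them; the function names, file names and the sample "disk" are hypothetical and constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large disk never sits in memory

def acquire_image(source, image_path):
    """Copy source to image_path, hashing the bytes exactly as they are read.

    The source is opened read-only; for a real disk a hardware write
    blocker is still assumed. Returns (acquisition_hash, bytes_copied).
    """
    digest = hashlib.sha256()
    copied = 0
    # Mode "xb" refuses to overwrite an existing evidence file.
    with open(source, "rb") as src, open(image_path, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            copied += len(block)
    os.chmod(image_path, stat.S_IRUSR)  # stored image becomes read-only
    return digest.hexdigest(), copied

def verify_image(image_path, acquisition_hash):
    """Re-hash the stored image; any later alteration breaks the match."""
    digest = hashlib.sha256()
    with open(image_path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest() == acquisition_hash

def demo():
    """Constructed sample: a 3 MiB + 17 byte file stands in for a disk."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "source.bin")
        image = os.path.join(tmp, "evidence.dd")
        with open(source, "wb") as fh:
            fh.write(os.urandom(3 * CHUNK + 17))
        acq_hash, size = acquire_image(source, image)
        intact = verify_image(image, acq_hash)
        os.chmod(image, stat.S_IRUSR | stat.S_IWUSR)
        with open(image, "r+b") as fh:  # simulate a one-byte alteration
            first = fh.read(1)
            fh.seek(0)
            fh.write(bytes([first[0] ^ 0xFF]))
        return size, intact, verify_image(image, acq_hash)
```

The acquisition hash belongs in the chain-of-custody record so that any analyst can repeat `verify_image` on the working copy.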
10. File system assessment: NTFS contains the MFT, which has information on the files and disk in the OS. To get the file, C:\> more < file1.txt:file2.txt is used.
Windows registry assessment: The Windows registry structure is
HKEY_CLASSES_ROOT
HKEY_USERS
HKEY_CURRENT_USER
HKEY_CURRENT_CONFIG
HKEY_LOCAL_MACHINE
Information present here includes user activity, MRU, and auto start.
Database forensic assessment: Here, the DDL and DML transactions in the database are assessed.
Network forensic assessment: The browsing data, mails, and IP addresses are assessed.
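For the file system assessment item above, this added example (not from the original slides) parses the fixed 42-byte header of an NTFS MFT file record and reports whether each entry is a file or directory and whether it is still in use or deleted. The records are constructed samples built by the hypothetical `make_record` helper; only the header is populated.

```python
import struct

# NTFS file record header: little-endian, first 42 bytes of each MFT record.
HEADER = struct.Struct("<4sHHQHHHHIIQH")
IN_USE, IS_DIRECTORY = 0x0001, 0x0002

def parse_mft_header(record):
    """Return the header fields an examiner checks first, or raise ValueError."""
    if len(record) < HEADER.size:
        raise ValueError("record shorter than the 42-byte header")
    (sig, _usa_off, _usa_cnt, _lsn, seq, links, attr_off,
     flags, used, allocated, base_ref, _next_id) = HEADER.unpack_from(record)
    if sig != b"FILE":  # e.g. b"BAAD" marks a record that failed fixup
        raise ValueError("bad signature %r" % sig)
    if not (HEADER.size <= attr_off <= used <= allocated):
        raise ValueError("inconsistent offsets or sizes")
    return {
        "sequence": seq,
        "hard_links": links,
        "kind": "directory" if flags & IS_DIRECTORY else "file",
        # A cleared in-use bit means the entry was deleted; its metadata
        # stays in the MFT until the record is reused.
        "deleted": not flags & IN_USE,
        "is_base_record": base_ref == 0,
        "used_bytes": used,
    }

def make_record(flags, seq=1, links=1, size=1024):
    """Build a constructed sample record (header only, zero-filled body)."""
    header = HEADER.pack(b"FILE", 48, 3, 0, seq, links, 56, flags, 416, size, 0, 4)
    return header.ljust(size, b"\x00")

def triage(records):
    """Summarise raw records as (index, kind, state) tuples."""
    out = []
    for i, raw in enumerate(records):
        try:
            h = parse_mft_header(raw)
            out.append((i, h["kind"], "deleted" if h["deleted"] else "in use"))
        except ValueError as exc:
            out.append((i, "unparsed", str(exc)))
    return out
```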
11. Gather the hidden or odd files
Unusual accounts
Strangely opened sockets
Abnormal application requirements
Malicious activities
Total memory investigation
Total file systems investigation
Malware analysis
Total timeline analysis
Total event correlation investigation
12. ◦ The computer is identified via remote access by the attacker
◦ OS patches
◦ The source of compromise
◦ The suspected malware
13. The audit team finally prepares the report after the thorough investigation.
◦ Point of the report: It is submitted so that the details of the investigation can be known to the authorized personnel.
◦ Author of the report: Information Security Officer.
◦ Incident summary: The source of the compromise was explored from the manager's computer and is caused by reasons x1, x2 and x3.
14. ◦ Evidence: All the important digital evidence and log files tracked in the analysis.
◦ Analysis: Investigation of the unlawful sources, completed from the sources x, y and z.
◦ Conclusion: The manager's computer and other computing devices in the local office are systematically investigated, and lastly the sources that show any sign of compromise are found.
◦ Supporting documents: These documents involve non-volatile and volatile information.
15. All the devices in the local office, as well as the manager's computer, were investigated properly.
Examination was done to see unauthorized and authorized sources.
The source of the compromise was explored and found.
The report is submitted to the Information Security Officer.